Generating secure roaming user profiles over a network
Abstract
Embodiments are directed to providing access to a resource over a network. A client device may request access to a server. An application may be provided to the client device. The application may cause control of the client device to be switched from a first desktop to a secure desktop. The secure desktop may be configured to restrict application access to within the secure desktop. An indication of the resource on the server to map to may be received at the client device. The indicated resource may be mapped onto a file system on the client device. Mapping may comprise using a remote file access protocol, using DLL injection, or adding a kernel module to an operating system on the client device. The mapped resource may be constrained to be accessed through the secure desktop.
20 Claims
1. A network device for providing access to a resource over a network, comprising:
a memory arranged to store data and instructions; and
a processor arranged to enable actions embodied by at least a portion of the stored instructions, the actions comprising:
selectively sending an application over the network to a client device, the client device having an operating system, the application configured to provide a secure desktop on the client device, and automatically switching control of the client device to the secure desktop;
wherein access to resources is restricted by the secure desktop to being performed through the secure desktop;
receiving a resource request from the client device to map onto a file system controlled by the secure desktop;
restricting access to a requested resource indicated as being a non-mapped resource to read-only; and
otherwise, enabling a mapping of the requested resource onto the secure desktop, wherein mapping the resource further includes adding to the operating system of the client device a kernel module configured to provide access to the resource; and
when the secure desktop is closed, unmapping the requested resource, and further when the requested resource is cached on the client device, sending the requested resource to a server to synchronize the resource with the server.
Dependent claims: 2, 3, 4, 5, 6
7. A non-transitory computer-readable storage device having computer-readable instructions stored thereon, which when executed by at least one processor, causes the at least one processor to perform actions, comprising:
selectively sending an application to a client device, the client device having an operating system, the application configured to provide a secure desktop on the client device, wherein the application automatically switches control of the client device to the secure desktop;
wherein access to resources is restricted by the secure desktop to be performed through the secure desktop;
receiving a resource request from the client device;
restricting access to a requested resource indicated as being a non-mapped resource to read-only; and
otherwise, enabling a mapping of the requested resource onto the secure desktop, wherein the secure desktop is launched by the application on the client device and wherein the mapped resource is constrained to be accessed through the secure desktop such that the mapped resource appears local to the client device, and wherein mapping the resource further includes adding to the operating system of the client device a kernel module configured to provide access to the resource; and
when the secure desktop is closed, unmapping the resource, and further when the resource is cached on the client device, sending the resource to a server to synchronize the resource with the server.
Dependent claims: 8, 9, 10, 11, 12, 13
14. A system, comprising:
a plurality of server devices configured to provide access to a resource; and
a network device having one or more processors that perform actions, including:
selectively sending an application to a client device, the client device having an operating system, the application configured to provide a secure desktop on the client device, wherein the application automatically switches control of the client device to the secure desktop, and wherein the secure desktop is configured to restrict access to resources to be performed through the secure desktop;
receiving a resource request from the client device;
restricting access to a requested resource indicated as being a non-mapped resource to read-only; and
otherwise, enabling a mapping of the resource onto the secure desktop, wherein the secure desktop is launched by the application on the client device and wherein the mapped resource is constrained to be accessed through the secure desktop such that the mapped resource appears local to the client device, and wherein mapping the resource further includes adding to the operating system of the client device a kernel module configured to provide access to the resource; and
when the secure desktop is closed, unmapping the resource, and further when the resource is cached on the client device, sending the resource to a server device in the plurality of servers to synchronize the resource with the server device.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification